I. Attali and T. Jensen (Eds.): E-smart 2001, LNCS 2140, pp. 71-82, 2001.
Springer-Verlag Berlin Heidelberg 2001
An Internet Authorization Scheme Using Smart-Card-Based Security Kernels
Yves Deswarte, Noreddine Abghour, Vincent Nicomette, and David Powell
LAAS-CNRS, 7 avenue du Colonel Roche, 31077 Toulouse Cedex 4, France
{Yves.Deswarte,Noreddine.Abghour,Vincent.Nicomette,David.Powell}@laas.fr
Abstract. This paper presents an authorization scheme for applications distributed on the Internet with two levels of access control: a global level, implemented through a fault- and intrusion-tolerant authorization server, and a local level, implemented as a security kernel located both on the local host's Java Virtual Machine (JVM) and on a Java Card connected to this host.
1 Introduction
Today, most Internet applications are based on the client-server model. In this model, typically, the server distrusts clients, and grants each client access rights according to the client’s identity. This enables the server to record a lot of personal information about clients: identity, usual IP address, postal address, credit card number, purchase habits, etc. Such a model is thus necessarily privacy intrusive.
Moreover, the client-server model is not rich enough to cope with complex transactions involving more than two participants. For example, an electronic commerce transaction usually requires the cooperation of a customer, a merchant, a credit card company, a bank, a delivery company, etc. Each of these participants has different interests, and thus distrusts the other participants.
Within the MAFTIA project¹, we are developing authorization schemes that can grant each participant fair rights, while distributing to each one only the information strictly needed to execute its own task, i.e., a proof that the task has to be executed and the parameters needed for this execution, without unnecessary information such as participant identities. These schemes are based on two levels of protection:
• An authorization server is in charge of granting or denying rights for high-level operations involving several participants; if a high-level operation is authorized, the authorization server distributes capabilities for all the elementary operations that are needed to carry it out.
¹ MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications) is a European project of the IST Program. MAFTIA partners are University of Newcastle upon Tyne (GB), prime contractor, DERA (GB), IBM Zurich Research Lab. (CH), LAAS-CNRS (F), University of Lisbon (P) and University of Saarland (D). See http://www.maftia.org/.
•